SPF Included Lookups

More Information About Spf Included Lookups

Your SPF record required more than 10 DNS Lookups to be performed during the test. The number of "include" mechanisms and chained "redirect' modifiers should be kept to a minimum.

According to RFC 7208, 'SPF implementations MUST limit the number of mechanisms and modifiers that do DNS Lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier"'. The mechanisms of: "include", "mx", "a", "ptr", and "exists" count against the limit of 10 lookups. The "all, "ip4", and "ip6" mechanisms do not count against the limit of 10 since they do not require a DNS Lookup.

SPF implementations should be restrict the number of DNS Lookups to 10 per check in order to explicitly limit how much data will be accepted to:

Prevent excessive bandwidth usage or memory usage

Prevent DoS attacks

If you use the "include" in your SPF record, it will have referenced SPF records evaluated with your SPF record and as a direct result the DNS Lookup count is dependent upon third parties. If you are close to reaching your limit of 10 DNS Lookups and someone in your "include" adds additional DNS record to their own SPF record, you could easily go over your limit of 10.

Reason for listing -

SPF is the cornerstone of your email delivery strategy.

Are you confident your email is getting through?

MxToolbox is YOUR expert on email deliverability. MxDelivery Center analyzes your DMARC, DKIM and SPF to give you the insight you need to make email configuration changes and get your emails to your customer's.
Learn More